LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF MODULE 05 MULTIPROTOCOL LABEL SWITCHING (MPLS) AND LABEL DISTRIBUTION PROTOCOL (LDP) 1 by Xantaro

IP Routing In IP networks, each router makes an independent forwarding decision IP address in header is analyzed and longest match routing lookup is done Choose next hop for the IP packet (hop-by-hop model) IP header contains more information than needed to simply choose next hop Longest Match Lookup was quite resource intensive in the past as there are multiple possible matches 2 by Xantaro

Longest Match Lookup Revisited Consider the following routing table 10.40.100.70/32, nexthop = 1.1.1.1 10.40.100.64/26, nexthop = 2.2.2.2 10.40.100.64/28, nexthop = 3.3.3.4 A Router will convert these addresses to binary 0000 1010. 0010 1000. 0110 0100. 0100 0110 0000 1010. 0010 1000. 0110 0100. 0100 0000 0000 1010. 0010 1000. 0110 0100. 0100 0000 <= last octet has to be 70 to match <= last octet can be between 64 and 127 to match <= last octet can be between 64 and 79 to match The bit boundary ( ) identifies which part of an incoming packet has to match in order to follow this route The first prefix has a prefix length of 32 bits, therefore the whole address has to match to follow this route For the second route, the first 26 bits have to match in order to follow that route Similar, the third route can be followed if an incoming packet matches the first 28 bits 3 by Xantaro

Longest Match Lookup Revisited Example 1 Destination address of incoming packet is converted to binary and compared All red positions have to be the same for an incoming packet to get a match route 1: 0000 1010. 0010 1000. 0110 0100. 0100 0110 route 2: 0000 1010. 0010 1000. 0110 0100. 0100 0000 route 3: 0000 1010. 0010 1000. 0110 0100. 0100 0000 Example 1 : IP Destination = 10.40.100.69 incoming: 0000 1010. 0010 1000. 0110 0100. 0100 0101 route 1 does not match, because the last octet is not equal to 0100 0110 route 2 matches because the last octet starts with 01 route 3 matches because the last octet starts with 0100 In this case route 2 and 3 matches, but route 3 is selected, because it is considered to be a better match route 3 subnet mask length is /28 which is longer than /26 of route 2 4 by Xantaro

Longest Match Lookup Revisited Example 2 Destination address of incoming packet is converted to binary and compared All red positions have to be the same to get a match route 1: 0000 1010. 0010 1000. 0110 0100. 0100 0110 route 2: 0000 1010. 0010 1000. 0110 0100. 0100 0000 route 3: 0000 1010. 0010 1000. 0110 0100. 0100 0000 Example 1 : IP Destination = 10.40.100.70 incoming: 0000 1010. 0010 1000. 0110 0100. 0100 0110 route 1 matches because the last octet is equal to 0100 0110 route 2 matches because the last octet starts with 01 route 3 matches because the last octet starts with 0100 In this case all routes match, but route 1 is selected, because it is considered to be a better match route 1 subnet mask length is /32 which is longer than /26 of route 2 and /28 of route 3 5 by Xantaro

Longest Match Lookup Revisited Example 3 Destination address of incoming packet is converted to binary and compared All red positions have to be the same to get a match route 1: 0000 1010. 0010 1000. 0110 0100. 0100 0110 route 2: 0000 1010. 0010 1000. 0110 0100. 0100 0000 route 3: 0000 1010. 0010 1000. 0110 0100. 0100 0000 Example 1 : IP Destination = 10.40.100.110 incoming: 0000 1010. 0010 1000. 0110 0100. 0110 1110 route 1 does not match because the last octet is not equal to 0100 0110 route 2 matches because the last octet starts with 01 route 3 does not match because the last octet does not start with 0100 In this case only route 3 matches, so the packet will follow this path 6 by Xantaro

MPLS Overview In the 90s routing tables and traffic started to grow exponential in the Internet routing systems were considered to not keep pace with this development A simpler forwarding mechanism should reduce the load on routers forwarding based on a label attached to a packet each label results in exactly one forwarding decision (no longest match) concept borrowed from ATM networks Multiprotocol Label Switching (MPLS) is a base technology that integrates the label forwarding paradigm with network layer routing MPLS WG within IETF chartered in 1997 to support multilayer switching Simplify prefix lookup for forwarding decisions Improves price/performance of network layer routing Improves scalability Provides greater flexibility in delivery of (new) routing services MPLS Layer-2/Layer-3 VPNs Traffic Engineering 7 by Xantaro

Tao of MPLS MPLS architecture has two separated components: Forwarding Plane and Control Plane MPLS network consists of Label Edge Router (LER) or Provider Edge (PE) router Label Switching Router (LSR) or Provider (P) router Packet transport is done from one PE to another PE using a unidirectional tunnel known as Label Switched Path (LSP) Packets entering MPLS network are classified into Forwarding Equivalence Classes (FECs) which are mapped to LSPs Packet forwarding on LSRs is based on labels, not on IP header information similar to other layer-2 forwarding mechanisms (ATM, FR, ) no reclassification of packets once labeled 8 by Xantaro

MPLS Tunnel Label Switched Path (LSP) is an unidirectional tunnel from ingress LER (head end) to egress LER (tail end) via zero or more transit LSRs Transit LSRs will make a forwarding decision only based on MPLS labels Ingress and egress LER make a forwarding decision based on traditional lookups e.g. IP destination address Transit routers do not even need to understand the payload protocol 9 by Xantaro

Forwarding Plane Mechanisms Forwarding Decisions are based on labels, i.e. fixed length, locally significant identifier used to represent a Label Switch Path (LSP) Two LSRs agree that packets belonging to a certain LSP are labeled when transmitted from one of them to the other Mapping from label L to forwarding equivalence class F is called label binding Label L becomes outgoing label of the upstream LSR and ingress label of the downstream LSR 10 by Xantaro

Label Encapsulation Label format depends on the encapsulation type Label stack entries appear after the data link header, but before any network layer header Type Code 0x8847 used for Ethernet, HDLC, GRE, LLC/SNAP (e.g. ATM or Frame Relay) LSRs always forward packets based on the label at the top of the stack More than one label can be used (label stack) 32 bit length 20 bit label value 3 experimental bits used for CoS (nowadays called Traffic Class) Bottom of Stack bit (set to one for the last label of a label stack) Time to Live (same as with IP Routing) 11 by Xantaro

Label Operation Label operations are only done at the top of the label stack LSR and LERs can perform various label operations on a packet Push: Add a new label to the packet Pop: Remove label from the label stack Swap: Replace label with a new label Multiple Push: Add multiple labels to the packet Swap and Push: Replace existing label with a new label, and then push another label on top 12 by Xantaro

Control Plane Mechanisms Label Switched Paths are dynamically established using a label distribution protocol to exchange label/fec bindings MPLS architecture always uses downstream-assigned labels Different protocols capable of label distribution are available Label Distribution Protocol (LDP) Constraint-Routing LDP (CR-LDP) => deprecated Resource Reservation Protocol (RSVP) Border Gateway Protocol (BGP) Also static allocation is possible but does not scale well 13 by Xantaro

Label Distribution: Routing Convergence Label Distribution is not routing. IGP convergence is a prerequisite! 14 by Xantaro

Label Distribution: Label Assignment Labels are distributed between routers and can afterwards be used forwarding These labels only have a local significance the same labels may be reused by multiple routers e.g. R2 may use Label 218 for a different prefix than R3 15 by Xantaro

MPLS Packet Forwarding LSRs forward packets based on labels In this example R3 still has to learn all routes, but it can forward based on labels Longest Prefix match only done on R1 and R5, but not on R3 16 by Xantaro

Penultimate Hop Popping (PHP) When egress LSR receives a labeled packet it must first lookup the top label to detect, that it is the egress LSR remove the top label forward the packet based on another label or layer-3 header Penultimate Hop Popping avoids two lookups Label at top of the stack is removed by upstream neighbor of egress LSR Signaling is done using implicit null label some routers do this per default, others have to be configured to do that On modern platforms the double lookup is usually no longer a problem but many networks are still built with PHP enabled for historic reasons 17 by Xantaro

MPLS Frame Forwarding with PHP Penultimate LSRs pops upper-most label and forwards frame There is never a label with value 3 (implicit null) encoded 18 by Xantaro

Time-to-Live (TTL) In IP forwarding, the Time-to-Live (TTL) value in the IP header is decremented by one while passing through a router Protection against forwarding loops Provides additional functions (multicast scoping and traceroute) In MPLS, the TTL is copied from the label or the IP packet immediately underneath it. Each intermediate LSR decrements the TTL by one. if the TTL becomes zero the packet is discarded as with IP routing MPLS TTL should be copied into the IP header TTL field when it emerges from the LSP (default) however this can be changed to hide core network. 19 by Xantaro

Downstream vs. upstream upstream and downstream are relative terms referring to the packet flow for a certain prefix or FEC downstream is referring to the direction of traffic flow upstream is identifying the router that has sent a packet to the local router 10.0.0.0/24 R1 R2 20.0.0.0/24 R1 is the downstream router for R2 to reach prefix 10.0.0.0/24 R2 is the upstream router from the perspective of R1 for prefix 10.0.0.0/24 R2 is the downstream router from the perspective of R1 for prefix 20.0.0.0/24 R1 is the upstream router from the perspective of R2 for prefix 20.0.0.0/24 For Label Assignment that means R1 has to assign a label for 10.0.0.0/24 and inform R2 about that R2 has to assign a label for 20.0.0.0/24 and inform R1 about that 20 by Xantaro

Label Distribution Label Assignment downstream unsolicited: downstream LSR advertises label bindings for all destinations reachable via itself downstream-on-demand : upstream LSRs explicitly asks for label binding Label Retention Mode liberal label retention: LSR keeps track of all bindings whether they are learned from the next hop or not conservative label retention: LSR only keeps bindings that are actually used and discards all bindings not learned from next hop and thus not used for forwarding Label Distribution Mode independent: label allocation is done independent of other LSRs ordered: labels are allocated only after bindings from other LSRs are received Which of these principals is used depends on protocol and platform 21 by Xantaro

Label Assignment downstream unsolicited: downstream LSR advertises label bindings for all destinations reachable via itself 10.0.0.0/24 R1 Please use Label 12345 if you send traffic for prefix 10.0.0.0/24 to me R2 20.0.0.0/24 downstream-on-demand : upstream LSRs explicitly asks for label binding 10.0.0.0/24 R1 Please give me a label that I should use for prefix 10.0.0.0/24 Please use Label 12345 if you send traffic for prefix 10.0.0.0/24 to me R2 20.0.0.0/24 LDP uses downstream unsolicited, whereas RSVP used downstream-on-demand 22 by Xantaro

Liberal Retention Mode R1 knows according to IGP metric that R3 is the best next-hop to reach R4 therefore it will use R3 as next-hop for prefix 20.0.0.0/24 it will also use label 567 to forward traffic to R3 With liberal retention mode, R1 will also store Label 678 this is beneficial in case of network convergence, when R2 becomes the best next-hop for prefix 20.0.0.0/24 in case of failure on R3 in case the metric changes so that R2 becomes the best next-hop 10.0.0.0/24 20.0.0.0/24 = Label 567 R1 R3 10 10 20.0.0.0/24 = Label 345 R4 20.0.0.0/24 20 20 20.0.0.0/24 = Label 678 R2 20.0.0.0/24 = Label 345 23 by Xantaro

Conservative Retention Mode With conservative retention mode, R1 will discard Label 678, as it is not used for forwarding this save resources on R1 but is bad in case of network convergence, as there is no backup LSP remember that memory on the control plane is usually not an issue these days therefore liberal retention mode is usually been used 10.0.0.0/24 20.0.0.0/24 = Label 567 R1 R3 10 10 20.0.0.0/24 = Label 345 R4 20.0.0.0/24 20 20 20.0.0.0/24 = Label 678 R2 20.0.0.0/24 = Label 345 24 by Xantaro

Independent Label Distribution With independent Label Distribution Mode, a LSR will advertise a label for a prefix that is known by the IGP regardless of whether the downstream LSR has already done that In our example, R3 and R2 advertised a Label to R1 for prefix 20.0.0.0/24, although the downstream LSR R4 has not done that yet (e.g. because it is busy with other operation) This speeds up the establishment of Label Switch Paths, but can create black-hole routing, as there is no end-to-end LSP 20.0.0.0/24 = Label 567 R3 10.0.0.0/24 R1 10 10 R4 20.0.0.0/24 20 20 20.0.0.0/24 = Label 678 R2 25 by Xantaro

Ordered Label Distribution With ordered Label Distribution Mode, a LSR will advertise a label for a prefix that is known by the IGP only, if it already got a label binding from it s downstream LSR In our example, R3 and R2 advertised a Label to R1 for prefix 20.0.0.0/24, only after they have received a Label binding from their downstream LSR R4 for this prefix This slows down the establishment of Label Switch Paths, but ensures no end-toend LSPs 10.0.0.0/24 20.0.0.0/24 = Label 567 R1 R3 10 10 20.0.0.0/24 = Label 345 R4 20.0.0.0/24 20 20 20.0.0.0/24 = Label 678 R2 20.0.0.0/24 = Label 345 26 by Xantaro

LDP Overview Label Distribution Protocol (LDP) is a protocol defined for dynamically distribution label according to MPLS architecture Defines procedures and messages to establish an LSP Creates Forwarding Equivalence Classes (FEC) No traffic-engineering supported LDP does not perform routing relies on OSPF or ISIS for SPF calculation LDP is defined in RFC 5036 (which obsoletes RFC 3036) 27 by Xantaro

Relationship between LDP and IGP LDP establishes Label Switched Paths (LSPs) which always follow the interior gateway protocol (IGP) shortest path LDP only installs LSPs when both IGP and LDP are enabled Policies can be used to control LSP establishment by filtering labels received from or sent to other routes LDP-established LSPs cannot traverse AS boundaries mainly because ISIS and OSPF cannot cross these boundaries as well IGP convergence time defines a lower bound on LDP convergence time During network re-convergence, traffic maybe blackholed 28 by Xantaro

LDP Operation LDP message types include Discovery (Hello) Initialization Advertisements (e.g. Label mapping/request or address messages) Notification 29 by Xantaro

LDP Label Space and LDP Sessions Label Space defines on which scope a label is valid Per-interface label space - label X has a different meaning depending on which interface it is received Per-Platform label space - label X has the same meaning for a router regardless over which interface it is received - usually in Ethernet based MPLS networks, systems make use of a per platform label space LDP Identifier Used to identify label space (consists of Router ID and label space ID) LDP sessions exist between label switch routers to support label exchange between them A separate LDP session is used for each label space but as usually each router only has one label space, only one session is required 30 by Xantaro

LDP Neighbor Discovery LDP uses a discovery mechanism to find potential LDP peers Basic discovery Used to find neighbors directly connected at the link Periodically send LDP Link Hellos on all router multicast address as UDP packets to port 646 Extended discovery Used to locate neighbors not directly connected Periodically send LDP Targeted Hellos to a specific address as UDP packets to port 646 Receipt of Hello packet indentifies Hello adjacency LDP Hello packets include Common Hello Parameters TLV 31 by Xantaro

LDP Session Establishment Exchange of LDP Discovery messages between LSR triggers session setup LDP sessions are established based on label spaces LDP session is always initiated by the router with the higher transport address (active node); other one is passive node Active node establishes TCP connection (called transport connection) to port 646 between LDP transport addresses Active node sends LDP Initialization message to negotiate session parameters 32 by Xantaro

Maintaining LDP Adjacencies LDP session with peer has one or more Hello adjacencies depending on the number of links that share the same label space Hello adjacency maintained by receipt of LDP Discovery Hellos which are periodically sent (hello timer) If hold timer expires, LDP concludes that peer no longer wants to use this label space for that interface LDP also includes a mechanism to monitor integrity of the LDP session LDP messages must be received within keepalive period If no exchange of LDP messages required, at least a keepalive messages is sent 33 by Xantaro

Label Distribution and Management LDP peer advertises IPv4 interface addresses for all LDP-enabled interfaces Uses LDP Address messages and Address Withdraw messages Allows receiving LSR to associate future label advertisements with physical next-hop address for local router Label values are advertised using Label Mapping messages and Label Withdraw message Information stored away in Label Information Base (LIB) 34 by Xantaro

Example for active LDP sessions This example shows a router that has LDP neighbors on 2 interfaces note that both neighbors use the same Label space ID seems like it is the same neighbor on both links xuser@munich> show ldp interface Interface Label space ID Nbr count Next hello ge-0/0/0.0 10.10.10.3:0 1 3 ge-0/0/1.0 10.10.10.3:0 1 2 xuser@munich> show ldp interface extensive Interface Label space ID Nbr count Next hello ge-0/0/0.0 10.10.10.3:0 1 0 Hello interval: 5, Hold time: 15, Transport address: 10.10.10.3 Local hello interval: 5, Index: 67 Hello Sent: 2809, Received: 2818 ge-0/0/1.0 10.10.10.3:0 1 3 Hello interval: 5, Hold time: 15, Transport address: 10.10.10.3 Local hello interval: 5, Index: 68 Hello Sent: 2818, Received: 102 35 by Xantaro

Example for LDP Label database Displays entries in the LDP database (label information base) For each neighbor a router will store labels received from a neighbor (input) and labels send to a neighbor (output) xuser@munich> show ldp database Input label database, 10.10.10.3:0--10.10.10.1:0 Label Prefix 3 10.10.10.1/32 101280 10.10.10.2/32 101248 10.10.10.3/32 101264 10.10.10.4/32 Output label database, 10.10.10.3:0--10.10.10.1:0 Label Prefix 279712 10.10.10.1/32 279728 10.10.10.2/32 3 10.10.10.3/32 279696 10.10.10.4/32 36 by Xantaro

LDP input Database in human language The input label database tells our local router Munich which labels it should use when it wants to send traffic towards the LDP neighbor if Munich wants to send packets via this neighbor it has to use label 3 if traffic is going to 10.10.10.1/32 (Penultimate Hop Popping) use label 101280 if traffic is going to 10.10.10.2 use label 101248 if traffic is going to 10.10.10.3 use label 101265 if traffic is going to 10.10.10.4 Munich may receive different label bindings for the same destination from another router IGP will decide which next-hop (and thus) label to use xuser@munich> show ldp database Input label database, 10.10.10.3:0--10.10.10.1:0 Label Prefix 3 10.10.10.1/32 101280 10.10.10.2/32 101248 10.10.10.3/32 101264 10.10.10.4/32 37 by Xantaro

LDP output Database in human language The out label database tells the other router which labels it should use if it wants to send traffic to the local router Munich if the remote router wants to send packets to the local router Munich it has to use label 279712 if traffic is going to 10.10.10.1 use label 279728 if traffic is going to 10.10.10.2 use label 3 if traffic is going to 10.10.10.1/32 (Penultimate Hop Popping) use label 279696 if traffic is going to 10.10.10.4 Munich will advertise the same labels to other neighbors therefore it does not matter on which incoming interface a packet is received it always results in the same action (per platform label space) xuser@munich> show ldp database Output label database, 10.10.10.3:0--10.10.10.1:0 Label Prefix 279712 10.10.10.1/32 279728 10.10.10.2/32 3 10.10.10.3/32 279696 10.10.10.4/32 38 by Xantaro

Recap : ibgp / IGP relation After IGP convergence R3 and R1 can establish an ibgp session Once the ibgp session is created, R1 sends a prefix towards R3 using it s loopback address as next-hop R3 will do a recursive routing lookup by checking it s routing table for the next-hop of 10.10.10.1 than it will use the resolved next-hop (20.20.20.1) for the prefix 185.16.196.0 As traffic from R3 towards 185.16.196.0/24 will hit R2, it also needs to know the next hop R2 needs to have an ibgp session with R1 as well (not shown here) IGP IGP Loopback 10.0.0.1/32 Loopback 10.0.0.2/32 Loopback 10.0.0.3/32 R1 10.10.10.1/30 10.10.10.2/30 20.20.20.1/30 20.20.20.2/30 R2 ibgp Prefix 185.16.196.0/24 Next-Hop 10.0.0.1 R3 39 by Xantaro

ibgp / IGP relation with MPLS After IGP convergence R3 and R1 can establish an ibgp session Once the ibgp session is created, R1 sends a prefix towards R3 using it s loopback address as next-hop R3 will do a recursive routing lookup by checking it s routing table for the next-hop of 10.10.10.1 if it finds a Label Binding 456 from R2 to reach 10.10.10.1, it can use this label to forward the packet R2 performs forwarding based on the Label 456 and knows that it should forward to packet to R1 and swap the label to 123 As a consequence, R2 does not need to know Prefix 185.16.196.0/24 (it also does not need to run BGP) as it forwards based on the MPLS label, not the IP header IGP IGP Loopback 10.0.0.1/32 Loopback 10.0.0.2/32 Loopback 10.0.0.3/32 Prefix 10.0.0.1/32 = Label 123 Prefix 10.0.0.1/32 = Label 456 40 by Xantaro R1 R2 ibgp Prefix 185.16.196.0/24 Next-Hop 10.0.0.1 R3

ibgp / IGP packet flow with MPLS Here you can see the packet flow after IGP, LDP and BGP convergence 1. R3 receives an IP Packet with Destination Address 185.16.196.122 2. R3 makes a routing lookup and finds a BGP route towards 185.16.196.122 with next-hop of R1 s loopback address 10.0.0.1 3. R3 received a label binding from R2 for 10.0.0.1/32 and the label to use is 456 4. R3 pushed Label 456 and sends the packet to R2 5. R2 makes a forwarding decision based on Label 456. The decision is to swap the label to 123 and send the Packet to R1 6. R1 pops the label and makes a forwarding decision based on the destination address If R1 would advertise 100.000 routes towards R3, all routers could use the same labels for forwarding R2 is not impacted on the number of BGP routes between R1 and R3 DST: 185.16.196.122 R1 Label 123 DST: 185.16.196.122 R2 Label 456 DST: 185.16.196.122 R3 DST: 185.16.196.122 41 by Xantaro

ibgp / IGP packet flow with MPLS and PHP R1 may optionally advertise Label value 3 towards R2 to reach 10.0.0.1/32 this is a special label called implicit-null that instructs the upstream LSR (in this case R2) to pop the outer label In this case R1 does not need to pop the label before doing the IP lookup Depending on the routing platform this may increase performance modern platforms do no longer need this, but many still use that as default A label value of 3 must never be seen on a packet in the forwarding plane! Prefix 10.0.0.1/32 = Label 3 Prefix 10.0.0.1/32 = Label 456 DST: 185.16.196.122 R1 DST: 185.16.196.122 R2 Label 456 DST: 185.16.196.122 R3 DST: 185.16.196.122 42 by Xantaro

Special MPLS Labels The following special labels are currently defined Value Description defined in 0 IPv4 Explicit Null RFC 3032 1 Router Alter Label RFC 3032 2 IPv6 Explicit Null RFC 3032 3 Implicit Null RFC 3032 4-6 Unassigned 7 Entropy Label Indicator RFC 6790 8-12 Unassigned 13 GAL RFC5586 14 OAM Alert RFC 3429 15 Extension Label RFC7274 Routing Platforms may choose a strategy to allocate labels for prefixes and services using values larger than 15 43 by Xantaro